Health Insurance Portability and Accountability Act (HIPAA) Training

INTRODUCTION


Training create an important opportunity for FAU to convey its organizational values, including its commitment to ethical and legal conduct, as well as to help ensure compliance with various HIPAA privacy and security rules and standards.  Both role and job-based training provide individuals who may/will come in extensive contact with protected health information (PHI) the appropriate resources and training to carry out their duties and responsibilities (e.g., how to handle and use PHI, as well as to understand the principles of administrative, physical and technical safeguards to protect PHI). 

APPLICABILITY


Training in the Privacy Rule and Security Standards of Health Information is required for all members of FAU’s workforce in the Covered Components as well as those working on their behalves.  Human Resources is responsible for the administration of the training program. 

SCOPE


All members of FAU’s Workforce in the Covered Components and other areas as identified by Human Resources, including faculty, staff, students, and volunteers, are required to complete appropriate training modules during the onboarding process and annually thereafter.  Additionally, individuals working with the Covered Components, as well as individuals who may come into extensive contact with PHI because of the nature of their position, role or job category, will also be required to complete the HIPAA training modules.

DEFINITIONS


Covered Component
– health care components of a Hybrid Entity, named and designated by the Hybrid Entity, that engage in Covered Functions, and any component that engages in activities that would make it a Business Associate of a Covered Component if the two components were separate legal entities.

Covered Entity – A health plan, health care clearinghouse, or health care provider who transmits any health information in electronic form in connection with a transaction covered by the Privacy Rule; the Covered Entity refers to the health care components of FAU that engage in Covered Functions.

Covered Functions - activities of a Covered Entity, the performance of which makes the entity a health plan, a health care clearinghouse, or a health care provider subject to the Privacy Rule.

Hybrid Entity - A single legal entity that is a Covered Entity, performs business activities that include both Covered and non-Covered Functions, and that designates its health care components in accordance with the Privacy Rule.

Workforce Members – Employees, volunteers, trainees, and other persons whose conduct in the performance of work for a Covered Component, is under the direct control of such component, whether or not they are paid by that component.

TRAINING REQUIREMENTS


All Workforce Members in the Covered Components, individuals working extensively with the Covered Components, and individuals, identified by Human Resources, who may significantly come into contact with PHI because of the nature of their position, role or job category (e.g., office of information security, accounts payable, financial aid, etc., must fulfill the following core training requirements annually: 

HIPAA Privacy Essentials – 1 hour course

This course presents an overview of HIPAA, and outlines the key provisions of HIPAA and the Privacy Rule and the applicability of HIPAA.  It also discusses PHI, authorizations and notifications, as well as complaints, enforcement and penalties.

HIPAA Security Rule for Covered Entities – 30 minute course

This course provides an overview of the security obligations related to electronic PHI imposed on the workforce of covered entities.  Specifically, this course explains various safeguards that covered entities should implement as well as discusses secure practices related to electronic PHI.


Individuals falling into the above categories, must fulfill their training requirements as follows:

  1. Within 15 days after an individual joins the workforce, and prior to accessing any PHI;
  2. Within 15 days after a role, job or position change that either places an individual within a Covered Component, working extensively with a Covered Component, or places the individual in a role, job or position where he/she comes into contact with PHI; and
  3. Annually (i.e., refresher training) by all Workforce Members, individuals working with the Covered Components, and individuals who may come into contact with PHI because of the nature of their position, role or job category.

All individuals subject to the HIPAA training requirements must receive a passing score of 80% or higher.

In addition to the core training requirements identified above, Workforce Members in Covered Components, individuals working with Covered Components and individuals who may come into contact with PHI because of the nature of their position, role or job category may be required to take additional training modules in the event of:

  1. A significant regulatory change;
  2. A material change in FAU’s compliance program or Notice of Privacy Practices; or
  3. Technology changes impacting privacy or security.

Research: Workforce members of a Covered Component may also be investigators conducting research involving PHI and as such must adhere to additional training requirements.  Researchers using PHI must complete the mandatory CITI HIPS training in addition to FAU required training under this policy.  Refer to http://www.fau.edu/research/researchint/hipaa.php .

PROCEDURE


To access the training course, please follow these instructions:

1. Go to https://floridaatlantic.skillport.com  

2. Log in with your FAUNet ID and password.

3. Click on "My Training" in the top navigation bar.

4. Click the "Launch" button next to the course you would like to complete.

    (It does not matter which course is completed first; just make sure you complete both courses)

5. Complete both training courses and earn a passing score on the exams.

6. Screenshot your scores for your own record. 

 

Common Issues:

Web browser - There are some performance issues with the training modules while using Microsoft Edge. We recommend you use a different browser to complete these courses.

Pop up blocker - If you receive a message stating a pop up has been blocked while you were launching the training modules, you may need to temporarily disable your pop up blocker or make an exception for Skillsoft within your internet browser settings. 

 

For enrollment and security-related questions, Please contact  security-training@fau.edu.

For technical assistance with training, please contact the FAU Helpdesk by visiting: http://helpdesk.fau.edu.





 Last Modified 5/12/17